05-26-2005 11:35 AM - edited 02-21-2020 12:10 AM
All -->
My goal? To redirect web traffic directed to the default 'www' port, to port 8080 on the web server in the DMZ.
Below are the relevant command sets...
static (DMZ,outside) tcp xx.xxx.xx.155 www 172.16.128.8 8080 netmask 255.255.255.255 0 0
access-list inbound permit tcp any host xx.xxx.xx.155 eq 8080
access-list inbound permit tcp any host xx.xxx.xx.155 eq www
The access-list 'hit' counts are increasing on the ACL allowing 'www' traffic. When I try to reach this web site via its URL, a translation slot is created on the PIX. Am I missing anything on my end?
Any help is appreciated...
astroman
05-26-2005 05:13 PM
Nope, sounds like the PIX is doing all it can. Can you access this web server via port 8080 from a PC on the DMZ segment? This would rule out the PIX as the problem. Is the web server's default gateway set to the PIX's DMZ interface address? What if you try and access it using the IP address rather than the URL, does that make a difference?
The config you've shown is correct, and the fact a connection is created means the PIX is passing the traffic through to the web server. I would say either the web server is not listening on port 8080, or it's sending the replies elsewhere.
05-26-2005 07:14 PM
Thanks for the recommendations...
I'll test access from another server on the DMZ...
05-30-2005 10:48 PM
Hi,
I am just wondering if the following line is needed:
access-list inbound permit tcp any host xx.xxx.xx.155 eq 8080
Thanks,
Mo
05-31-2005 03:45 AM
It's not needed...but it's not harming anything either.
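The following is an added example, not part of the thread or of any Cisco tooling: a small audit of the posted command set that shows why the `eq 8080` entry is unused. It assumes, as on PIX software of this period, that the ACL on the outside interface is matched against the global (pre-translation) address and port; the function names and the `PORT_NAMES` table are hypothetical, and only port-redirection statics are handled.

```python
import re

# Constructed sample: the command set from the thread, addresses masked as posted.
CONFIG = """\
static (DMZ,outside) tcp xx.xxx.xx.155 www 172.16.128.8 8080 netmask 255.255.255.255 0 0
access-list inbound permit tcp any host xx.xxx.xx.155 eq 8080
access-list inbound permit tcp any host xx.xxx.xx.155 eq www
"""

# Port keywords used in place of numbers (only the subset needed here).
PORT_NAMES = {"www": 80, "https": 443}

STATIC_RE = re.compile(r"^static \((\S+),(\S+)\) (tcp|udp) (\S+) (\S+) (\S+) (\S+)")
ACE_RE = re.compile(r"^access-list (\S+) permit (tcp|udp) any host (\S+) eq (\S+)")

def port(token):
    """Convert a port keyword or number string to an integer."""
    return PORT_NAMES[token] if token in PORT_NAMES else int(token)

def audit(config):
    """Return (ace_line, verdict) for each 'permit ... host X eq P' entry."""
    statics = {}  # (proto, global_ip, global_port) -> (real_ip, real_port)
    aces = []
    for line in config.splitlines():
        line = line.strip()
        m = STATIC_RE.match(line)
        if m:
            _, _, proto, gip, gport, rip, rport = m.groups()
            statics[(proto, gip, port(gport))] = (rip, port(rport))
            continue
        m = ACE_RE.match(line)
        if m:
            _, proto, dip, dport = m.groups()
            aces.append((line, (proto, dip, port(dport))))
    results = []
    for line, key in aces:
        if key in statics:
            rip, rport = statics[key]
            results.append((line, f"used: forwards to {rip}:{rport}"))
        else:
            # Permits a global address/port that no port static translates.
            results.append((line, "unused: no static for this global address/port"))
    return results

if __name__ == "__main__":
    for line, verdict in audit(CONFIG):
        print(f"{verdict:48} <- {line}")
```

An entry reported as unused is a candidate for removal so the inbound ACL permits only what is actually published.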